6 Mar
2013
6 Mar
'13
8 p.m.
On Wed, Mar 06, 2013 at 11:56:27AM -0800, Jeremy Kitchen wrote:
On Wed, Mar 06, 2013 at 10:05:30AM +0000, Andy Smith
wrote:
And I forgot to mention that this is a great case for separating your
sites onto different users, not running them all under the same user.
Compartmentalize and you limit the damage an attacker can do if they
compromise one of your sites.
-Jeremy
I would find it unusual for an attacker to
compromise some other web
app but then decide to put their .htaccess and other files in a
Wordpress that coincidentally happened to be on the same server,
though. These things tend to be straightforward.
Oh you'd be surprised. At DreamHost we would get people who had an old
version of $software installed somewhere else on their account and it
would go and infect as much as it could.